2 classical encryption
TRANSCRIPT
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 1/54
Classical Encryption
Techniques
CSE 651: Introduction to Network
Security
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 2/54
Classical encryption techniques
As opposed to modern cryptography
Goals:
± to introduce basic concepts & terminology of
encryption
± to prepare us for studying modern
cryptography
2
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 3/54
Basic terminology
Plaintext: original message to beencrypted
Ciphertext: the encrypted message Enciphering or encryption: the process of
converting plaintext into ciphertext
Encryption algorithm: performs encryption
± Two inputs: a plaintext and a secret key
3
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 4/54
Symmetric Cipher Model
4
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 5/54
Deciphering or decryption: recovering
plaintext from ciphertext
Decryption algorithm: performs decryption
± Two inputs: ciphertext and secret key
Secret key: same key used for encryption
and decryption
± Also referred to as a symmetric key
5
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 6/54
Cipher or cryptographic system : a scheme
for encryption and decryption
Cryptography: science of studying ciphers
Cryptanalysis: science of studying attacksagainst cryptographic systems
Cryptology: cryptography + cryptanalysis
6
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 7/54
Ciphers
Symmetric cipher: same key used for encryption and decryption
± Block cipher: encrypts a block of plaintext at a
time (typically 64 or 128 bits)
± Stream cipher: encrypts data one bit or one byte
at a time
Asymmetric cipher: different keys used for encryption and decryption
7
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 8/54
Symmetric Encryption
or conventional / secret-key / single-key
sender and recipient share a common key
all classical encryption algorithms aresymmetric
The only type of ciphers prior to the
invention of asymmetric-key ciphers in1970¶s
by far most widely used
8
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 9/54
Symmetric Encryption
Mathematically:Y = EK ( X ) or Y = E(K , X )
X = DK (Y ) or X = D(K , Y )
X = plaintext Y = ciphertext
K = secret key
E = encryption algorithm D = decryption algorithm
Both E and D are known to public
9
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 10/54
Cryptanalysis
Objective: to recover the plaintext of aciphertext or, more typically, to recover thesecret key.
Kerkhoff¶s principle: the adversary knows alldetails about a cryptosystem except thesecret key.
Two general approaches: ± brute-force attack
± non-brute-force attack (cryptanalytic attack)
10
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 11/54
Brute-Force Attack
Try every key to decipher the ciphertext.
On average, need to try half of all possible keys
Time needed proportional to size of key space
Key Size (bits) Number of Alternative
Keys
Time required at 1
decryption/µs
Time required at 106
decryptions/µs
32 232 = 4.3 v 109 231 µs = 35.8 minutes 2.15 milliseconds
56 256 = 7.2 v 1016 255 µs = 1142 year s 10.01 hour s
128 2128 = 3.4 v 1038 2127 µs = 5.4 v 1024 year s 5.4 v 1018 year s
168 2168 = 3.7 v 1050 2167 µs = 5.9 v 1036 year s 5.9 v 1030 year s
26 character s
(permutation)
26! = 4 v 1026 2 v 1026 µs = 6.4 v 1012 year s 6.4 v 106 year s
11
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 12/54
12
Cryptanalytic Attacks
May be classified by how much
information needed by the attacker:
± Ciphertext-only attack
± Known-plaintext attack
± Chosen-plaintext attack
± Chosen-ciphertext attack
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 13/54
13
Ciphertext-only attack
Given: a ciphertext c
Q: what is the plaintext m?
An encryption scheme is completelyinsecure if it cannot resist ciphertext-only
attacks.
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 14/54
14
Known-plaintext attack
Given: (m1,c1), (m2,c2), «, (mk,ck) and a
new ciphertext c.
Q: what is the plaintext of c?
Q: what is the secret key in use?
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 15/54
15
Chosen-plaintext attack
Given: (m1,c1), (m2,c2), «, (mk,ck), where
m1, m2, «, mk are chosen by the
adversary; and a new ciphertext c.
Q: what is the plaintext of c, or what is the
secret key?
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 16/54
16
Example: chosen-plaintext attack
In 1942, US Navy cryptanalysts discovered that Japan
was planning an attack on ³AF´.
They believed that ³AF´ means Midway island.
Pentagon didn¶t think so.
US forces in Midway sent a plain message that their
freshwater supplies were low.
Shortly, US intercepted a Japanese ciphertext sayingthat ³AF´ was low on water.
This proved that ³AF´ is Midway.
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 17/54
17
Chosen-ciphertext attack
Given: (m1,c1), (m2,c2), «, (mk,ck), where
c1, c2, «, ck are chosen by the adversary;
and a new ciphertext c.
Q: what is the plaintext of c, or what is the
secret key?
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 18/54
Classical Ciphers
Plaintext is viewed as a sequence of
elements (e.g., bits or characters)
Substitution cipher: replacing each element of
the plaintext with another element.
Transposition (or permutation) cipher:
rearranging the order of the elements of the
plaintext. Product cipher: using multiple stages of
substitutions and transpositions
18
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 19/54
Caesar Cipher
Earliest known substitution cipher
Invented by Julius Caesar
Each letter is replaced by the letter threepositions further down the alphabet.
Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Example: ohio state RKLR VWDWH
19
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 20/54
Caesar Cipher
Mathematically, map letters to numbers:
a, b, c, ..., x, y, z
0, 1, 2, ..., 23, 24, 25
Then the general Caesar cipher is:
c = EK ( p) = ( p + k ) mod 26
p = DK (c ) = (c ± k ) mod 26
Can be generalized with any alphabet.
20
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 21/54
Cryptanalysis of Caesar Cipher
Key space: {0, 1, ..., 25}
Vulnerable to brute-force attacks.
E.g., break ciphertext "UNOU YZGZK³
Need to recognize it when have the
plaintext What if the plaintext is written in Swahili?
21
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 22/54
Monoalphabetic Substitution Cipher
Shuffle the letters and map each plaintext letter to a
different random ciphertext letter:
Plain letters: abcdefghijklmnopqrstuvwxyz
Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: if wewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
What does a key look like?
22
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 23/54
Monoalphabetic Cipher Security
Now we have a total of 26! = 4 x 1026 keys.
With so many keys, it is secure against
brute-force attacks.
But not secure against some cryptanalytic
attacks.
Problem is language characteristics.
23
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 24/54
Language Statistics and Cryptanalysis
Human languages are not random.
Letters are not equally frequently used.
In English, E is by far the most common letter,followed by T, R, N, I, O, A, S.
Other letters like Z, J, K, Q, X are fairly rare.
There are tables of single, double & triple letter frequencies for various languages
24
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 25/54
English Letter Frequencies
25
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 26/54
Statistics for double & triple letters
In decreasing order of frequency
Double letters:th he an in er re es on, «
Triple letters:the and ent ion tio for nde, «
26
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 27/54
Use in Cryptanalysis
Key concept: monoalphabetic substitution does
not change relative letter frequencies
To attack, we
± calculate letter frequencies for ciphertext
± compare this distribution against the known
one
27
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 28/54
Example Cryptanalysis
Given ciphertext:UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Count relative letter frequencies (see next page) Guess {P, Z} = {e, t}
Of double letters, ZW has highest frequency, soguess ZW = th and hence ZWP = the
Proceeding with trial and error finally get:it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
28
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 29/54
Letter frequencies in ciphertext
P 13.33 H 5.83 F 3.33 B 1.67 C 0.00
Z 11.67 D 5.00 W 3.33 G 1.67 K 0.00
S 8.33 E 5.00 Q 2.50 Y 1.67 L 0.00
U 8.33 V 4.17 T 2.50 I 0.83 N 0.00
O 7.50 X 4.17 A 1.67 J 0.83 R 0.00
M 6.67
29
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 30/54
What type of attack?
Ciphertext-only attack
Known-plaintext attack
Chosen-plaintext attack
Chosen-ciphertext attack
30
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 31/54
Playfair Cipher
Not even the large number of keys in amonoalphabetic cipher provides security.
One approach to improving security is toencrypt multiple letters at a time.
The Playfair Cipher is the best knownsuch cipher.
Invented by Charles Wheatstone in 1854,but named after his friend Baron Playfair.
31
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 32/54
Playfair Key Matrix
Use a 5 x 5 matrix.
Fill in letters of the key (w/o duplicates).
Fill the rest of matrix with other letters. E.g., key = MONARCHY.
MM OO NN A A RR
CC HH YY BB DD
EE FF GG I/JI/J KK
LL PP QQ SS TT
UU VV WW XX ZZ
32
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 33/54
Encrypting and Decrypting
Plaintext is encrypted two letters at a time.
1. If a pair is a repeated letter, insert filler like 'X¶.
2. If both letters fall in the same row, replace
each with the letter to its right (circularly).
3. If both letters fall in the same column, replace
each with the the letter below it (circularly).
4. Otherwise, each letter is replaced by the letter in the same row but in the column of the other
letter of the pair.
33
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 34/54
Security of Playfair Cipher
Equivalent to a monoalphabetic cipher with analphabet of 26 x 26 = 676 characters.
Security is much improved over the simple
monoalphabetic cipher.
Was widely used for many decades ± eg. by US & British military in WW1 and early WW2
Once thought to be unbreakable.
Actually, it can be broken, because it still leavessome structure of plaintext intact.
34
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 35/54
Polyalphabetic Substitution Ciphers
A sequence of monoalphabetic ciphers (M1, M2,
M3, ..., Mk) is used in turn to encrypt letters.
A key determines which sequence of ciphers to
use.
Each plaintext letter has multiple corresponding
ciphertext letters.
This makes cryptanalysis harder since the letter frequency distribution will be flatter.
35
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 36/54
Vigenère Cipher
Simplest polyalphabetic substitution cipher
Consider the set of all Caesar ciphers:
{ Ca, C
b, C
c, ..., C
z}
Key: e.g. security
Encrypt each letter using Cs, Ce, Cc, Cu, Cr ,Ci, Ct, Cy in turn.
Repeat from start after Cy.
Decryption simply works in reverse.
36
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 37/54
Example of Vigenère Cipher
Keyword: dece ptiv e
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
37
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 38/54
Security of Vigenère Ciphers
There are multiple (how many?) ciphertext letterscorresponding to each plaintext letter.
So, letter frequencies are obscured but not totally lost.
To break Vigenere cipher:
1. Try to guess the key length. How?
2. If key length is N, the cipher consists of N Caesar
ciphers. Plaintext letters at positions k, N+k, 2N+k,
3N+k, etc., are encoded by the same cipher.
3. Attack each individual cipher as before.
38
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 39/54
Guessing the Key Length
Main idea: Plaintext words separated by multiplesof the key length are encoded in the same way.
In our example, if plaintext = ³«thexxxxxxthe«´then ³the´ will be encrypted to the same ciphertextwords.
So look at the ciphertext for repeated patterns.
E.g. repeated ³VTW´ in the previous example
suggests a key length of 3 or 9:ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Of course, the repetition could be a random fluke.
39
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 40/54
Rotor Cipher Machines
Before modern ciphers, rotor machines were most commoncomplex ciphers in use.
Widely used in WW2.
Used a series of rotating cylinders. Implemented a polyalphabetic substitution cipher of period K.
With 3 cylinders, K = 263 =17,576.
With 5 cylinders, K = 265 =12 x 106.
What is a key? ± If the adversary has a machine
± If the adversary doesn¶t have a machine
40
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 41/54
41
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 42/54
German secret setting sheets
42
DateWhich rotors to use (there were 10 rotors)
Ring setting
Plugboard setting
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 43/54
The Rotors
43
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 44/54
Enigma Rotor Machine
44
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 45/54
Enigma Rotor Machine
45
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 46/54
Transposition Ciphers
Also called permutation ciphers.
Shuffle the plaintext, without altering the
actual letters used. Example: Row Transposition Ciphers
46
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 47/54
Row Transposition Ciphers
Plaintext is written row by row in a rectangle.
Ciphertext: write out the columns in an order
specified by a key.
Key: 3 4 2 1 5 6 7
Plaintext:
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
47
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 48/54
Product Ciphers
Uses a sequence of substitutions and
transpositions
± Harder to break than just substitutions or
transpositions
This is a bridge from classical to modern ciphers.
48
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 49/54
Unconditional & Computational
Security
A cipher is unconditionally secure if it issecure no matter how much resources(time, space) the attacker has.
A cipher is computationally secure if thebest algorithm for breaking it will requireso much resources (e.g., 1000 years) that
practically the cryptosystem is secure. All the ciphers we have examined are not
unconditionally secure.
49
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 50/54
An unconditionally Secure Cipher
50
1 2 3 4
1 2 3 4
1 2 3 4
Key = (random, )
Plaintext =
Cipherte
Vernam¶s one-time pad cip
used one-time only
xt =
where
Can be proved to be unconditionally sec
her
ur .e
i i i
k k k k
m m m m
c c c c
c m k !
y
y
y
y
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 51/54
Steganography
Hide a message in another message.
E.g., hide your plaintext in a graphic image
± Each pixel has 3 bytes specifying the RGB
color ± The least significant bits of pixels can bechanged w/o greatly affecting the image quality
± So can hide messages in these LSBs
Advantage: hiding existence of messages
Drawback: high overhead
51
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 52/54
52
Take a 640x480 (=30,7200) pixel image.
Using only 1 LSB, can hide 115,200 characters Using 4 LSBs, can hide 460,800 characters.
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 53/54
53
5/13/2018 2 Classical Encryption - slidepdf.com
http://slidepdf.com/reader/full/2-classical-encryption-55a753f29d932 54/54
Summary
Have considered:
± classical cipher techniques and terminology
± monoalphabetic substitution ciphers
± cryptanalysis using letter frequencies
± Playfair cipher
± polyalphabetic ciphers
± transposition ciphers
± product ciphers and rotor machines
± stenography54